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REMARKS 

AmenidliTiieinits to the Claims 

Claims 1, 3-10, and 29-32 remain pending in the application. Applicants have canceled 
claims 2, 1 1-20, 22-24, and 26-28, which claims Applicants retain the right to pursue in a 
divisional application. Claim 1 is amended to incorporate the limitations previously recited in 
now canceled claim 2. The foregoing amendments are intended to place the application in 
condition for allowance or, alternatively, in better form for appeal should the rejections be 
maintained. 

The Rejections in the Office Action 

In view of the canceled claims, the rejections remain with respect to claims 1,3-10, and 
29-32. Claim 31 stands rejected under 35 U.S.C. § 102(e) as anticipated by U.S. Patent No. 
6,182,142 ("Win"). Claims 1, 3, 4, 6, and 29 stand rejected under 35 U.S.C. § 103 as 
unpatentable over Win in view of U.S. Patent No. 6,470,453 ("Vilhuber"). Claims 7 and 8 stand 
rejected under 35 U.S.C. § 103 as unpatentable over Win in view of Vilhuber and further in view 
of Official Notice. Claims 5, 9, and 10 stand rejected under 35 U.S.C. § 103 as unpatentable 
over Win in view of Vilhuber and further in view of U.S. Patent No. 6,493,749 ("Paxhia"). 
Claims 30 and 32 stand rejected as unpatentable over Win in view of Official Notice. 

Interview Summary 

Applicants thank Examiner Song for the courtesy he extended during a February 24, 2004 
telephone interview with Applicants' representative Robert Wittmann to discuss the final Office 
Action. During the interview, Examiner Song agreed that Win did not disclose determining the 
characteristic of a link or basing an access decision upon such a determined characteristic at col. 
6, lines 48-61 as indicated at page 3 of the Office Action. However, Examiner Song indicated 
that a closer review of the Win patent was necessary and invited Applicants to file a formal 
request for reconsideration, which is included herewith. 

Smtmmary of Applicants' Response 

Pending claims 1,3-10, and 29-32 are directed to enforcing a policy on a computer 
network. Each of these claims recite a method of determining whether to grant or deny a user 
access to a network based upon a determined group arid a second determined characteristic such 
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as the characteristic of a link, a communication medium, or of a calling location. The prior art 
cited in the Office Action, either when taken alone or in combination, fails to disclose, teach, or 
suggest determining whether to grant or deny access based on the characteristic of a link, 
communication medium, or calling location. Accordingly, the pending claims are believed to be 
in condition for allowance and Applicants request that the rejections be withdrawn. 

DiscMSsiomt of the Rejjectioms under 35 U.S.C. §§ 102 and 103 

1. Claim 31 . 

The Office Action rejects claim 3 1 as anticipated by Win. Claim 31 recites a user 
attempting to access a network through a communication medium. Claim 3 1 further recites the 
steps of "determining a group to which the user belongs; determining the medium type and based 
on the determined group and the medium type , selecting an action . . . usable to grant or deny 
access to the network." (emphasis added). Thus, claim 31 requires that the decision to grant or 
deny access be based on two independent factors - one being the determined group and the other 
being the determined medium type. 

Win discloses a method of granting or denying access to a network through the use of 
cookies. When a user first attempts to access the network, the user is required to enter a 
password and user name. (Win, col. 6, 11. 48-51). A server then places a "roles cookie" on the 
browser of the user's machine. (Id., col. 6, 11. 51-55). The roles cookie includes a list of the 
user's roles, which define the roles of the particular user, e.g. engineering, sales, marketing and 
the like. (Id., col. 10, 1. 67 and col. 5, 11. 28-39). Win further discloses the following with 
respect to granting and denying access to the network: 

If the resource is not a public resource, then a user is allowed access only if the 
user is authorized, as shown by state 320. In the preferred embodiment, state 320 
involves testing whether the request from browser 1 00 contains a "roles cookie" 
that can be decrypted, and the user has one or more roles, in a combination 
defined by an Access Rule. Each Access Rule is a Boolean expression of one or 
more roles. In an alternate embodiment, state 320 involves testing whether the 
user has at least one role needed to access the resource. If these conditions are 
satisfied, then the user is deemed authorized. If these conditions are not satisfied, 
the user does not have authorization and the Runtime Module returns a 
redirection to a pre-defined URL, as shown by state 322. Preferably, the pre- 
defined URL identifies a Web page that displays the message "Access 
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Restricted," or an equivalent warning that informs the user that it cannot access 
the requested resource. 

(col. 8, 1. 56 - col. 9, 1. 5). 

Thus, Win discloses that the decision as to whether to grant or deny access to the network 
is based solely on the roles cookie. Nowhere does Win disclose, teach, or even remotely suggest 
that the roles cookie includes any information concerning a medium type or even the step of 
determining the medium type. Thus, it necessarily follows that Win fails to disclose determining 
whether to grant or deny access based upon a determined medium type through which the user 
connects to the network. Accordingly, Win does not anticipate claim 3 1 . 

Applicants additionally note that the rejection of claim 31 is improper because it fails to 
indicate that Win discloses each and every limitation recited in that claim. In its rejection of 
claim 31 (found at page 2, % 3 of the Office Action), the Office Action does not assert that Win 
discloses determining whether to grant or deny access based upon the step of determining the 
medium type. 

2. Claims L 3, 4, 6, and 29 . 

Claims 1, 3, 4, 6, and 29 stand rejected under 35 U.S.C. § 103 as unpatentable over Win 
in view of Vilhuber. Independent claim 1 and corresponding dependent claims 3, 4, and 6 recite 
a method wherein a user attempts to access the network over a network link. These claims 
further recite the steps of "determining a group to which the user belongs and evaluating the link 
to determine the characteristic of the link," and "based on the determined group and the 
determined characteristic , selecting an authorization parameter . . . used by the network access 
server to grant or deny access." (emphasis added). Independent claim 29 recites a user 
attempting to access a network through a communication medium. Claim 29 further recites the 
steps of "determining a group to which the user belongs; determining the medium type and, 
based on the determined group and the medium type , selecting an action . . . used by a network 
access server to grant or deny access to the network." (emphasis added). 

Win does not disclose, teach, or suggest that a decision on whether to grant or deny 
access is based on a determined characteristic of a link or a medium type. As discussed above, 
Win bases the decision on whether to grant or deny access based solely on the roles cookie 
embedded in the user's browser. The information in the roles cookie is entirely unrelated to the 
characteristic of the link or medium type through which the user accesses the network. 
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In its rejection of claim 2, now applicable to claim 1 because of Applicants' amendment, 
the Office Action asserts that "Win discloses evaluating the link to determine a characteristic of 
the link and selecting authorization parameter based on the determined characteristic in (fig. 1 
and col. 6, lines 48-61)." However, the cited portion of Win relied upon by the Office Action 
does not support the stated conclusion. The cited portion specifically provides as follows: 

Access Server 106 stores a log-in page, Authentication Client Module and Access 
Menu Module. The Authentication Client Module authenticates a user by 
verifying the name and password with the Registry Server 108. If the name and 
password are correct, the Authentication Client Module reads the user's roles 
from the Registry Server 108. It then encrypts and sends this information in a 
"cookie" to the user's browser. A "cookie" is a packet of data sent by web servers 
to web browsers. Each cookie is saved by browser 100 until the cookie expires. 
Cookies received from a web server in a specific domain are returned to web 
servers in that same domain during open URL requests. A cookie returned by the 
Authentication Client Module is required for access to resources protected by the 
system 2. 

(Win, col. 6, 11. 48-61). 

The section of Win reproduced above merely states that a cookie containing the user's roles is 
encrypted and stored on the user's machine. Nowhere does it state that a characteristic of a link 
or medium type is determined and more particularly, does not state that such determined 
characteristic formulates the basis of a decision on whether to grant or deny access. 

Vilhuber discloses a user connected to a network through a network access server. 
(Vilhuber, Fig. 1). The network access server disclosed in Vilhuber controls access to a network 
through convention means that require the user to enter a user name and password. (Id., col. 8, 
11. 8-19). Nowhere does Vilhuber disclose, teach, or even suggest basing a decision on whether 
to grant or deny access upon a determined characteristic of a link or medium type. 

In summary, neither Vilhuber nor Win disclose, teach, or suggest basing a decision on 
whether to grant or deny access upon a determined characteristic of a link or medium, nor does 
the combination of these references provide such teaching. Accordingly, the Office Action has 
not established a prima facie case of obviousness and Applicants request that the rejections be 
withdrawn. 
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3. Claims 7 and 8 . 

Claims 7 and 8 stand rejected under 35 U.S.C. § 103 as unpatentable over Win in view of 
U.S. Patent No. 6,470,453 ("Vilhuber") and further in view of Official Notice. Claims 7 and 8 
depend from claim 1 . As discussed above, claim 1 requires determining both a group to which 
the user belongs and a characteristic of the link through which the user is connected to the 
network. The decision on whether to grant or deny access is then based upon both the 
determined group and the characteristic of the link. 

As further discussed above, neither Vilhuber nor Win disclose, teach, or suggest basing a 
decision on whether to grant or deny access upon a determined characteristic of a link nor does 
the combination of these references provide such teaching. Thus, notwithstanding any official 
notice concerning limiting access to a particular time frame, the Office Action has not 
established a prima facie case of obviousness and Applicants request that the rejections be 
withdrawn. 

4. Claims 5, 9, and 10 . 

Claims 5, 9, and 10 stand rejected under 35 U.S.C. § 103 as unpatentable over Win in 
view of Vilhuber and further in view of Paxhia. Claims 5, 9, and 10 depend from claim 1. As 
discussed above, claim 1 requires determining both a group to which the user belongs and a 
characteristic of the link through which the user is connected to the network. The decision on 
whether to grant or deny access is then based upon both the determined group and the 
characteristic of the link. 

As further discussed above, neither Vilhuber nor Win disclose, teach, or suggest, basing a 
decision on whether to grant or deny access upon a determined characteristic of a link. Paxhia is 
cited by the Office Action because it allegedly discloses an override attribute. However, Paxhia 
likewise fails to disclose, teach, or suggest, basing an access determination on a determined 
characteristic of a link. Accordingly, Win, Vilhuber, and Paxhia do not teach the claimed 
invention even when combined and the Office Action has not established a prima facie case of 
obviousness. Applicants request that the rejection be withdrawn. 

5. Claims 30 and 32 . 

Claims 30 and 32 stand rejected as unpatentable over Win in view of Official Notice. 
Independent claims 30 and 32 recite a user attempting to access a network through a dial up link. 
These claims further recite "determining a group to which the user belongs; determining the 
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called number of the dial up link and, based on the determined group and the number, selecting 
an action . . . usable to grant or deny access to the network." 

Win does not disclose, teach, or suggest determining a called number or basing a decision 
on whether to permit access based on the determined number. The Office Action asserts that 
"Official notice is taken that dial up link is well known in the art. One of ordinary skill in the art 
would have been motivated to use called number because with dial up link user can be called 
back and offers convenient and cost efficient to access remote site." Even assuming arguendo 
that the stated assertion is true, the Office Action fails to establish a prima facie case of 
obviousness. The claims do not recite using a callback number. Rather, the claims recite 
determining the called number and then determining whether to grant or deny access based on 
the determined number, which feature is not disclosed, taught, or suggested by Win nor does the 
Official Notice even allege such feature as known within the art. Accordingly, Applicants 
request that the rejection be withdrawn. 



The application is considered in good and proper form for allowance, and the Examiner is 
respectfully requested to pass this application to issue. If, in the opinion of the Examiner, a 
telephone conference would expedite the prosecution of the subject application, the Examiner is 
invited to call the undersigned attorney. 



Conclusion 



Respectfully submitted, 




Robert Wittmann, Reg. No. 54,549 
LEYDIG, VOIT & MAYER, LTD. 
Two Prudential Plaza, Suite 4900 
1 80 North Stetson Avenue 
Chicago, Illinois 60601-6780 
(312)616-5600 (telephone) 
(312)616-5700 (facsimile) 



Date: February 24, 2004 



Amendment or ROA - Final (Revised 7/29/03) 



10 



